Merge branch 'master' into config-doc-descriptions

Willy Kloucek
2022-06-27 10:56:16 +02:00
123 changed files with 972 additions and 408 deletions


@@ -1,7 +1,7 @@
# The test runner source for API tests
CORE_COMMITID=acabd119e473833f1be47e89ddcc700aa59af0b2
CORE_COMMITID=9801edd6d51699aa1008a9a78b349151dc8fcb7c
CORE_BRANCH=master
# The test runner source for UI tests
WEB_COMMITID=a6cdf4d4bb5dec6aabcf56855be9c40ce87dd735
WEB_COMMITID=06c1383810b710925149b3b51f426315cca8ed67
WEB_BRANCH=master


@@ -1576,6 +1576,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
user = "0:0"
environment = {
"OCIS_URL": OCIS_URL,
"FRONTEND_ENABLE_RESHARING": "true",
"GATEWAY_GRPC_ADDR": "0.0.0.0:9142", # cs3api-validator needs the cs3api gatway exposed
"STORAGE_USERS_DRIVER": "%s" % (storage),
"STORAGE_USERS_DRIVER_LOCAL_ROOT": "/srv/app/tmp/ocis/local/root",
@@ -1584,7 +1585,6 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"SHARING_USER_JSON_FILE": "/srv/app/tmp/ocis/shares.json",
"PROXY_ENABLE_BASIC_AUTH": True,
"WEB_UI_CONFIG": "/drone/src/tests/config/drone/ocis-config.json",
"IDP_IDENTIFIER_REGISTRATION_CONF": "/drone/src/tests/config/drone/identifier-registration.yml",
"OCIS_LOG_LEVEL": "error",
"SETTINGS_DATA_PATH": "/srv/app/tmp/ocis/settings",
"IDM_CREATE_DEMO_USERS": True,
@@ -1594,7 +1594,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"name": "wait-for-ocis-server",
"image": OC_CI_ALPINE,
"commands": [
"curl -k -u admin:admin --fail --retry-connrefused --retry 10 --retry-all-errors 'https://ocis-server:9200/graph/v1.0/users/admin'",
"curl -k -u admin:admin --fail --retry-connrefused --retry 7 --retry-all-errors 'https://ocis-server:9200/graph/v1.0/users/admin'",
],
"depends_on": depends_on,
}
@@ -1644,6 +1644,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"OCIS_RUN_EXTENSIONS": "app-registry,app-provider,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav",
"OCIS_LOG_LEVEL": "info",
"OCIS_URL": OCIS_URL,
"FRONTEND_ENABLE_RESHARING": "true",
"OCIS_BASE_DATA_PATH": "/mnt/data/ocis",
"OCIS_CONFIG_DIR": "/etc/ocis",
"PROXY_ENABLE_BASIC_AUTH": "true",
@@ -2260,6 +2261,7 @@ def parallelAcceptance(env):
"OCIS_SKELETON_STRATEGY": "copy",
"SEND_SCENARIO_LINE_REFERENCES": "true",
"UPLOAD_DELETE_WAIT_TIME": "1",
"FRONTEND_ENABLE_RESHARING": "true",
}
environment.update(env)
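Review bot: `"FRONTEND_ENABLE_RESHARING": "true"` now appears in every server environment visible in these hunks (both `ocisServer` environment dicts and `parallelAcceptance`), so as far as this section shows no pipeline run exercises the shipped default, which the changelog in this same commit describes as resharing disabled. Resharing lets a recipient pass access on to others, so the default-off state is the one worth pinning with a test that asserts a reshare is refused when the variable is unset. At minimum, record the reason for the override at the first occurrence, e.g. `# resharing is disabled by default (ocis#4023); enabled here for the test suite`. In the first dict the value is a string while its neighbours `PROXY_ENABLE_BASIC_AUTH` and `IDM_CREATE_DEMO_USERS` use `True`; one form should be used throughout. Both functions start and end outside the hunks shown.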


@@ -27,15 +27,15 @@ A clear and concise description of what happened.
## Setup
Please describe how you started the server and provide a list of relevant environment variables.
Please describe how you started the server and provide a list of relevant environment variables or configuration files.
<details>
<p>
```console
OCIS_VERSION=vX.X.X
BRANCH=vX.X.X
STORAGE_FRONTEND_UPLOAD_DISABLE_TUS=false
OCIS_XXX=somevalue
OCIS_YYY=somevalue
PROXY_XXX=somevalue
```
</p>


@@ -9,7 +9,7 @@ repository:
private: false
has_issues: true
has_projects: false
has_projects: true
has_wiki: false
has_downloads: false
@@ -43,6 +43,8 @@ teams:
permission: push
- name: cern
permission: triage
- name: ocis-contractors
permission: push
branches:
- name: master
@@ -63,6 +65,7 @@ branches:
teams:
- ci
- employees
- ocis-contractors
...
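Review bot: The new `ocis-contractors` team is given `permission: push` under `teams:` and is also appended to the team list in the last hunk under `branches:` for `master`. The key that list belongs to lies outside the hunk, but if it is the branch-protection push restriction, contractors gain direct write access to the protected branch rather than contributing only through reviewed pull requests. Confirm that both grants are needed, and drop the second entry if repository-level push is enough. A short comment at the team entry would make the intent auditable, for example `# <reason ocis-contractors needs push, and who approves membership>`.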


@@ -6,113 +6,36 @@ The following sections list the changes for unreleased.
## Summary
* Bugfix - Rework default role provisioning: [#3900](https://github.com/owncloud/ocis/issues/3900)
* Bugfix - Remove unused OCS storage configuration: [#3955](https://github.com/owncloud/ocis/pull/3955)
* Bugfix - Fix version info: [#3953](https://github.com/owncloud/ocis/pull/3953)
* Bugfix - Fix graph endpoint: [#3925](https://github.com/owncloud/ocis/issues/3925)
* Bugfix - Make IDP only wait for certs when using LDAP: [#3965](https://github.com/owncloud/ocis/pull/3965)
* Bugfix - Make ocdav service behave properly: [#3957](https://github.com/owncloud/ocis/pull/3957)
* Enhancement - Add audit events for created containers: [#3941](https://github.com/owncloud/ocis/pull/3941)
* Enhancement - Don't setup demo role assignments on default: [#3661](https://github.com/owncloud/ocis/issues/3661)
* Enhancement - Disable the color logging in docker compose examples: [#871](https://github.com/owncloud/ocis/issues/871)
* Enhancement - Allow resharing: [#3903](https://github.com/owncloud/ocis/pull/3903)
* Enhancement - Make thumbnails service log less noisy: [#3959](https://github.com/owncloud/ocis/pull/3959)
* Enhancement - Update reva: [#3944](https://github.com/owncloud/ocis/pull/3944)
* Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: [#4023](https://github.com/owncloud/ocis/pull/4023)
* Enhancement - Generate signing key and encryption secret: [#3909](https://github.com/owncloud/ocis/issues/3909)
* Enhancement - Update reva: [#4025](https://github.com/owncloud/ocis/pull/4025)
## Details
* Bugfix - Rework default role provisioning: [#3900](https://github.com/owncloud/ocis/issues/3900)
* Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: [#4023](https://github.com/owncloud/ocis/pull/4023)
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
We introduced resharing which was enabled by default, this is now configurable and can be
enabled by setting the env `FRONTEND_ENABLE_RESHARING` to `true`. By default resharing is
now disabled.
https://github.com/owncloud/ocis/issues/3900
https://github.com/owncloud/ocis/pull/4023
* Bugfix - Remove unused OCS storage configuration: [#3955](https://github.com/owncloud/ocis/pull/3955)
* Enhancement - Generate signing key and encryption secret: [#3909](https://github.com/owncloud/ocis/issues/3909)
We've removed the unused OCS configuration option `OCS_STORAGE_USERS_DRIVER`.
The idp service now automatically generates a signing key and encryption secret when they
don't exist. This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/pull/3955
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022
* Bugfix - Fix version info: [#3953](https://github.com/owncloud/ocis/pull/3953)
* Enhancement - Update reva: [#4025](https://github.com/owncloud/ocis/pull/4025)
We've fixed the version info that is displayed when you run:
https://github.com/owncloud/ocis/pull/4025
# Changelog for [2.0.0-beta.4] (2022-06-22)
- `ocis version` - `ocis <extension name> version`
The following sections list the changes for 2.0.0-beta.4.
Since #2918, these commands returned an empty version only.
https://github.com/owncloud/ocis/pull/3953
* Bugfix - Fix graph endpoint: [#3925](https://github.com/owncloud/ocis/issues/3925)
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
https://github.com/owncloud/ocis/issues/3925
* Bugfix - Make IDP only wait for certs when using LDAP: [#3965](https://github.com/owncloud/ocis/pull/3965)
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
https://github.com/owncloud/ocis/pull/3965
* Bugfix - Make ocdav service behave properly: [#3957](https://github.com/owncloud/ocis/pull/3957)
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
https://github.com/owncloud/ocis/pull/3957
* Enhancement - Add audit events for created containers: [#3941](https://github.com/owncloud/ocis/pull/3941)
Handle the event `ContainerCreated` in the audit service.
https://github.com/owncloud/ocis/pull/3941
* Enhancement - Don't setup demo role assignments on default: [#3661](https://github.com/owncloud/ocis/issues/3661)
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
* Enhancement - Disable the color logging in docker compose examples: [#871](https://github.com/owncloud/ocis/issues/871)
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
* Enhancement - Allow resharing: [#3903](https://github.com/owncloud/ocis/pull/3903)
This will allow resharing files
https://github.com/owncloud/ocis/pull/3903
* Enhancement - Make thumbnails service log less noisy: [#3959](https://github.com/owncloud/ocis/pull/3959)
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
https://github.com/owncloud/ocis/pull/3959
* Enhancement - Update reva: [#3944](https://github.com/owncloud/ocis/pull/3944)
TBD
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
# Changelog for [2.0.0-beta.3] (2022-06-08)
The following sections list the changes for 2.0.0-beta.3.
[2.0.0-beta.3]: https://github.com/owncloud/ocis/compare/v1.20.0...v2.0.0-beta.3
[2.0.0-beta.4]: https://github.com/owncloud/ocis/compare/v1.20.0...v2.0.0-beta.4
## Summary
@@ -122,11 +45,13 @@ The following sections list the changes for 2.0.0-beta.3.
* Bugfix - Remove unused transfer secret from app provider: [#3798](https://github.com/owncloud/ocis/pull/3798)
* Bugfix - Make IDP secrets configurable via environment variables: [#3744](https://github.com/owncloud/ocis/pull/3744)
* Bugfix - Enable debug server by default: [#3827](https://github.com/owncloud/ocis/pull/3827)
* Bugfix - Rework default role provisioning: [#3900](https://github.com/owncloud/ocis/issues/3900)
* Bugfix - Fix search index getting out of sync: [#3851](https://github.com/owncloud/ocis/pull/3851)
* Bugfix - Inconsistency env var naming for LDAP filter configuration: [#3890](https://github.com/owncloud/ocis/issues/3890)
* Bugfix - Fix LDAP insecure options: [#3897](https://github.com/owncloud/ocis/pull/3897)
* Bugfix - Set default name for public link via capabilities: [#3834](https://github.com/owncloud/ocis/pull/3834)
* Bugfix - Remove legacy accounts proxy routes: [#3831](https://github.com/owncloud/ocis/pull/3831)
* Bugfix - Remove unused OCS storage configuration: [#3955](https://github.com/owncloud/ocis/pull/3955)
* Bugfix - Fix the `ocis search` command: [#3796](https://github.com/owncloud/ocis/pull/3796)
* Bugfix - Rename search env variable for the grpc server address: [#3800](https://github.com/owncloud/ocis/pull/3800)
* Bugfix - Fix the idm and settings extensions' admin user id configuration option: [#3799](https://github.com/owncloud/ocis/pull/3799)
@@ -134,9 +59,13 @@ The following sections list the changes for 2.0.0-beta.3.
* Bugfix - Fix multiple storage-users env variables: [#3802](https://github.com/owncloud/ocis/pull/3802)
* Bugfix - Thumbnails for `/dav/xxx?preview=1` requests: [#3567](https://github.com/owncloud/ocis/pull/3567)
* Bugfix - Fix user autoprovisioning: [#3893](https://github.com/owncloud/ocis/issues/3893)
* Bugfix - Fix version info: [#3953](https://github.com/owncloud/ocis/pull/3953)
* Bugfix - Fix version number in status page: [#3788](https://github.com/owncloud/ocis/issues/3788)
* Bugfix - Fix the webdav URL of drive roots: [#3706](https://github.com/owncloud/ocis/issues/3706)
* Bugfix - Idp: Check if CA certificate if present: [#3623](https://github.com/owncloud/ocis/issues/3623)
* Bugfix - Fix graph endpoint: [#3925](https://github.com/owncloud/ocis/issues/3925)
* Bugfix - Make IDP only wait for certs when using LDAP: [#3965](https://github.com/owncloud/ocis/pull/3965)
* Bugfix - Make ocdav service behave properly: [#3957](https://github.com/owncloud/ocis/pull/3957)
* Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: [#3483](https://github.com/owncloud/ocis/issues/3483)
* Bugfix - Save Katherine: [#3823](https://github.com/owncloud/ocis/issues/3823)
* Bugfix - Fix Thumbnails for IDs without a trailing path: [#3791](https://github.com/owncloud/ocis/pull/3791)
@@ -154,24 +83,32 @@ The following sections list the changes for 2.0.0-beta.3.
* Change - Rename serviceUser to systemUser: [#3673](https://github.com/owncloud/ocis/pull/3673)
* Change - Split MachineAuth from SystemUser: [#3672](https://github.com/owncloud/ocis/pull/3672)
* Enhancement - Align service naming: [#3606](https://github.com/owncloud/ocis/pull/3606)
* Enhancement - Add acting user to the audit log: [#3753](https://github.com/owncloud/ocis/issues/3753)
* Enhancement - Add audit events for created containers: [#3941](https://github.com/owncloud/ocis/pull/3941)
* Enhancement - Don't setup demo role assignments on default: [#3661](https://github.com/owncloud/ocis/issues/3661)
* Enhancement - Introduce service registry cache: [#3833](https://github.com/owncloud/ocis/pull/3833)
* Enhancement - Reintroduce user autoprovisioning in proxy: [#3860](https://github.com/owncloud/ocis/pull/3860)
* Enhancement - Disable the color logging in docker compose examples: [#871](https://github.com/owncloud/ocis/issues/871)
* Enhancement - Add config option to provide TLS certificate: [#3818](https://github.com/owncloud/ocis/issues/3818)
* Enhancement - Add descriptions for graph-explorer config: [#3759](https://github.com/owncloud/ocis/pull/3759)
* Enhancement - Add /me/changePassword endpoint to GraphAPI: [#3063](https://github.com/owncloud/ocis/issues/3063)
* Enhancement - Wrap metadata storage with dedicated reva gateway: [#3602](https://github.com/owncloud/ocis/pull/3602)
* Enhancement - Product field in OCS version: [#2918](https://github.com/owncloud/ocis/pull/2918)
* Enhancement - Allow resharing: [#3904](https://github.com/owncloud/ocis/pull/3904)
* Enhancement - Add initial version of the search extensions: [#3635](https://github.com/owncloud/ocis/pull/3635)
* Enhancement - Add capability for public link single file edit: [#6787](https://github.com/owncloud/web/pull/6787)
* Enhancement - Added `share_jail` and `projects` feature flags in spaces capability: [#3626](https://github.com/owncloud/ocis/pull/3626)
* Enhancement - Add description tags to the thumbnails config structs: [#3752](https://github.com/owncloud/ocis/pull/3752)
* Enhancement - Make thumbnails service log less noisy: [#3959](https://github.com/owncloud/ocis/pull/3959)
* Enhancement - Update linkshare capabilities: [#3579](https://github.com/owncloud/ocis/pull/3579)
* Enhancement - Update reva: [#3944](https://github.com/owncloud/ocis/pull/3944)
* Enhancement - Update reva to version 2.4.1: [#3746](https://github.com/owncloud/ocis/pull/3746)
* Enhancement - Update reva to version 2.5.1: [#3932](https://github.com/owncloud/ocis/pull/3932)
* Enhancement - Update reva to v2.3.1: [#3552](https://github.com/owncloud/ocis/pull/3552)
* Enhancement - Update ownCloud Web to v5.5.0-rc.8: [#6854](https://github.com/owncloud/web/pull/6854)
* Enhancement - Update ownCloud Web to v5.5.0-rc.9: [#6854](https://github.com/owncloud/web/pull/6854)
* Enhancement - Update ownCloud Web to v5.5.0-rc.6: [#6854](https://github.com/owncloud/web/pull/6854)
* Enhancement - Update ownCloud Web to v5.7.0-rc.1: [#4005](https://github.com/owncloud/ocis/pull/4005)
* Enhancement - Add descriptions to webdav configuration: [#3755](https://github.com/owncloud/ocis/pull/3755)
## Details
@@ -225,6 +162,13 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/3827
* Bugfix - Rework default role provisioning: [#3900](https://github.com/owncloud/ocis/issues/3900)
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
https://github.com/owncloud/ocis/issues/3900
* Bugfix - Fix search index getting out of sync: [#3851](https://github.com/owncloud/ocis/pull/3851)
We fixed a problem where the search index got out of sync with child elements of a parent
@@ -270,6 +214,12 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/3831
* Bugfix - Remove unused OCS storage configuration: [#3955](https://github.com/owncloud/ocis/pull/3955)
We've removed the unused OCS configuration option `OCS_STORAGE_USERS_DRIVER`.
https://github.com/owncloud/ocis/pull/3955
* Bugfix - Fix the `ocis search` command: [#3796](https://github.com/owncloud/ocis/pull/3796)
We've fixed the behavior for `ocis search`, which didn't show further help when not all secrets
@@ -334,6 +284,16 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/issues/3893
* Bugfix - Fix version info: [#3953](https://github.com/owncloud/ocis/pull/3953)
We've fixed the version info that is displayed when you run:
- `ocis version` - `ocis <extension name> version`
Since #2918, these commands returned an empty version only.
https://github.com/owncloud/ocis/pull/3953
* Bugfix - Fix version number in status page: [#3788](https://github.com/owncloud/ocis/issues/3788)
We needed to undo the version number changes on the status page to keep compatibility for legacy
@@ -357,6 +317,26 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/issues/3623
* Bugfix - Fix graph endpoint: [#3925](https://github.com/owncloud/ocis/issues/3925)
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
https://github.com/owncloud/ocis/issues/3925
* Bugfix - Make IDP only wait for certs when using LDAP: [#3965](https://github.com/owncloud/ocis/pull/3965)
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
https://github.com/owncloud/ocis/pull/3965
* Bugfix - Make ocdav service behave properly: [#3957](https://github.com/owncloud/ocis/pull/3957)
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
https://github.com/owncloud/ocis/pull/3957
* Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: [#3483](https://github.com/owncloud/ocis/issues/3483)
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
@@ -492,6 +472,27 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
* Enhancement - Add acting user to the audit log: [#3753](https://github.com/owncloud/ocis/issues/3753)
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992
* Enhancement - Add audit events for created containers: [#3941](https://github.com/owncloud/ocis/pull/3941)
Handle the event `ContainerCreated` in the audit service.
https://github.com/owncloud/ocis/pull/3941
* Enhancement - Don't setup demo role assignments on default: [#3661](https://github.com/owncloud/ocis/issues/3661)
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
* Enhancement - Introduce service registry cache: [#3833](https://github.com/owncloud/ocis/pull/3833)
We've improved the service registry / service discovery by setting up registry caching (TTL
@@ -507,6 +508,16 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/3860
* Enhancement - Disable the color logging in docker compose examples: [#871](https://github.com/owncloud/ocis/issues/871)
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
* Enhancement - Add config option to provide TLS certificate: [#3818](https://github.com/owncloud/ocis/issues/3818)
Added a config option to the graph service to provide a TLS certificate to be used to verify the
@@ -548,6 +559,12 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/2918
* Enhancement - Allow resharing: [#3904](https://github.com/owncloud/ocis/pull/3904)
This will allow resharing files
https://github.com/owncloud/ocis/pull/3904
* Enhancement - Add initial version of the search extensions: [#3635](https://github.com/owncloud/ocis/pull/3635)
It is now possible to search for files and directories by their name using the web UI. Therefor
@@ -585,6 +602,13 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/3752
* Enhancement - Make thumbnails service log less noisy: [#3959](https://github.com/owncloud/ocis/pull/3959)
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
https://github.com/owncloud/ocis/pull/3959
* Enhancement - Update linkshare capabilities: [#3579](https://github.com/owncloud/ocis/pull/3579)
We have updated the capabilities regarding password enforcement and expiration dates of
@@ -593,6 +617,38 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/3579
* Enhancement - Update reva: [#3944](https://github.com/owncloud/ocis/pull/3944)
Changelog for reva 2.6.0 (2022-06-21) =======================================
The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
ordered by importance.
* Bugfix [cs3org/reva#2985](https://github.com/cs3org/reva/pull/2985): Make stat requests route based on storage providerid
* Bugfix [cs3org/reva#2987](https://github.com/cs3org/reva/pull/2987): Let archiver handle all error codes
* Bugfix [cs3org/reva#2994](https://github.com/cs3org/reva/pull/2994): Bugfix errors when loading shares
* Bugfix [cs3org/reva#2996](https://github.com/cs3org/reva/pull/2996): Do not close share dump channels
* Bugfix [cs3org/reva#2993](https://github.com/cs3org/reva/pull/2993): Remove unused configuration
* Bugfix [cs3org/reva#2950](https://github.com/cs3org/reva/pull/2950): Bugfix sharing with space ref
* Bugfix [cs3org/reva#2991](https://github.com/cs3org/reva/pull/2991): Make sharesstorageprovider get accepted share
* Change [cs3org/reva#2877](https://github.com/cs3org/reva/pull/2877): Enable resharing
* Change [cs3org/reva#2984](https://github.com/cs3org/reva/pull/2984): Update CS3Apis
* Enhancement [cs3org/reva#3753](https://github.com/cs3org/reva/pull/3753): Add executant to the events
* Enhancement [cs3org/reva#2820](https://github.com/cs3org/reva/pull/2820): Instrument GRPC and HTTP requests with OTel
* Enhancement [cs3org/reva#2975](https://github.com/cs3org/reva/pull/2975): Leverage shares space storageid and type when listing shares
* Enhancement [cs3org/reva#3882](https://github.com/cs3org/reva/pull/3882): Explicitly return on ocdav move requests with body
* Enhancement [cs3org/reva#2932](https://github.com/cs3org/reva/pull/2932): Stat accepted shares mountpoints, configure existing share updates
* Enhancement [cs3org/reva#2944](https://github.com/cs3org/reva/pull/2944): Improve owncloudsql connection management
* Enhancement [cs3org/reva#2962](https://github.com/cs3org/reva/pull/2962): Per service TracerProvider
* Enhancement [cs3org/reva#2911](https://github.com/cs3org/reva/pull/2911): Allow for dumping and loading shares
* Enhancement [cs3org/reva#2938](https://github.com/cs3org/reva/pull/2938): Sharpen tooling
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006
* Enhancement - Update reva to version 2.4.1: [#3746](https://github.com/owncloud/ocis/pull/3746)
Changelog for reva 2.4.1 (2022-05-24) =======================================
@@ -798,6 +854,40 @@ The following sections list the changes for 2.0.0-beta.3.
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
* Enhancement - Update ownCloud Web to v5.7.0-rc.1: [#4005](https://github.com/owncloud/ocis/pull/4005)
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
the web release.
* Enhancement [owncloud/web#7119](https://github.com/owncloud/web/pull/7119): Copy/Move conflict dialog
* Enhancement [owncloud/web#7122](https://github.com/owncloud/web/pull/7122): Enable Drag&Drop and keyboard shortcuts for all views
* Enhancement [owncloud/web#7053](https://github.com/owncloud/web/pull/7053): Personal space id in URL
* Enhancement [owncloud/web#6933](https://github.com/owncloud/web/pull/6933): Customize additional mimeTypes for preview app
* Enhancement [owncloud/web#7078](https://github.com/owncloud/web/pull/7078): Add Hotkeys to ResourceTable
* Enhancement [owncloud/web#7120](https://github.com/owncloud/web/pull/7120): Use tus chunksize from backend
* Enhancement [owncloud/web#6749](https://github.com/owncloud/web/pull/6749): Update ODS to v13.2.0-rc.1
* Enhancement [owncloud/web#7111](https://github.com/owncloud/web/pull/7111): Upload data during creation
* Enhancement [owncloud/web#7109](https://github.com/owncloud/web/pull/7109): Clickable folder links in upload overlay
* Enhancement [owncloud/web#7123](https://github.com/owncloud/web/pull/7123): Indeterminate progress bar in upload overlay
* Enhancement [owncloud/web#7088](https://github.com/owncloud/web/pull/7088): Upload time estimation
* Enhancement [owncloud/web#7125](https://github.com/owncloud/web/pull/7125): Wording improvements
* Enhancement [owncloud/web#7140](https://github.com/owncloud/web/pull/7140): Separate direct and indirect link shares in sidebar
* Bugfix [owncloud/web#7156](https://github.com/owncloud/web/pull/7156): Folder link targets
* Bugfix [owncloud/web#7108](https://github.com/owncloud/web/pull/7108): Reload of an updated space-image and/or -readme
* Bugfix [owncloud/web#6846](https://github.com/owncloud/web/pull/6846): Upload meta data serialization
* Bugfix [owncloud/web#7100](https://github.com/owncloud/web/pull/7100): Complete-state of the upload overlay
* Bugfix [owncloud/web#7104](https://github.com/owncloud/web/pull/7104): Parent folder name on public links
* Bugfix [owncloud/web#7173](https://github.com/owncloud/web/pull/7173): Re-introduce dynamic app name in document title
* Bugfix [owncloud/web#7166](https://github.com/owncloud/web/pull/7166): External apps fixes
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1
* Enhancement - Add descriptions to webdav configuration: [#3755](https://github.com/owncloud/ocis/pull/3755)
Added descriptions to webdav config structs to include them in the config documentation.


@@ -0,0 +1,6 @@
Enhancement: add acting user to the audit log
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992


@@ -2,4 +2,4 @@ Enhancement: Allow resharing
This will allow resharing files
https://github.com/owncloud/ocis/pull/3903
https://github.com/owncloud/ocis/pull/3904


@@ -0,0 +1,32 @@
Enhancement: Update reva
Changelog for reva 2.6.0 (2022-06-21)
=======================================
The following sections list the changes in reva 2.6.0 relevant to
reva users. The changes are ordered by importance.
* Bugfix [cs3org/reva#2985](https://github.com/cs3org/reva/pull/2985): Make stat requests route based on storage providerid
* Bugfix [cs3org/reva#2987](https://github.com/cs3org/reva/pull/2987): Let archiver handle all error codes
* Bugfix [cs3org/reva#2994](https://github.com/cs3org/reva/pull/2994): Bugfix errors when loading shares
* Bugfix [cs3org/reva#2996](https://github.com/cs3org/reva/pull/2996): Do not close share dump channels
* Bugfix [cs3org/reva#2993](https://github.com/cs3org/reva/pull/2993): Remove unused configuration
* Bugfix [cs3org/reva#2950](https://github.com/cs3org/reva/pull/2950): Bugfix sharing with space ref
* Bugfix [cs3org/reva#2991](https://github.com/cs3org/reva/pull/2991): Make sharesstorageprovider get accepted share
* Change [cs3org/reva#2877](https://github.com/cs3org/reva/pull/2877): Enable resharing
* Change [cs3org/reva#2984](https://github.com/cs3org/reva/pull/2984): Update CS3Apis
* Enhancement [cs3org/reva#3753](https://github.com/cs3org/reva/pull/3753): Add executant to the events
* Enhancement [cs3org/reva#2820](https://github.com/cs3org/reva/pull/2820): Instrument GRPC and HTTP requests with OTel
* Enhancement [cs3org/reva#2975](https://github.com/cs3org/reva/pull/2975): Leverage shares space storageid and type when listing shares
* Enhancement [cs3org/reva#3882](https://github.com/cs3org/reva/pull/3882): Explicitly return on ocdav move requests with body
* Enhancement [cs3org/reva#2932](https://github.com/cs3org/reva/pull/2932): Stat accepted shares mountpoints, configure existing share updates
* Enhancement [cs3org/reva#2944](https://github.com/cs3org/reva/pull/2944): Improve owncloudsql connection management
* Enhancement [cs3org/reva#2962](https://github.com/cs3org/reva/pull/2962): Per service TracerProvider
* Enhancement [cs3org/reva#2911](https://github.com/cs3org/reva/pull/2911): Allow for dumping and loading shares
* Enhancement [cs3org/reva#2938](https://github.com/cs3org/reva/pull/2938): Sharpen tooling
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006


@@ -0,0 +1,32 @@
Enhancement: Update ownCloud Web to v5.7.0-rc.1
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on the web release.
* Enhancement [owncloud/web#7119](https://github.com/owncloud/web/pull/7119): Copy/Move conflict dialog
* Enhancement [owncloud/web#7122](https://github.com/owncloud/web/pull/7122): Enable Drag&Drop and keyboard shortcuts for all views
* Enhancement [owncloud/web#7053](https://github.com/owncloud/web/pull/7053): Personal space id in URL
* Enhancement [owncloud/web#6933](https://github.com/owncloud/web/pull/6933): Customize additional mimeTypes for preview app
* Enhancement [owncloud/web#7078](https://github.com/owncloud/web/pull/7078): Add Hotkeys to ResourceTable
* Enhancement [owncloud/web#7120](https://github.com/owncloud/web/pull/7120): Use tus chunksize from backend
* Enhancement [owncloud/web#6749](https://github.com/owncloud/web/pull/6749): Update ODS to v13.2.0-rc.1
* Enhancement [owncloud/web#7111](https://github.com/owncloud/web/pull/7111): Upload data during creation
* Enhancement [owncloud/web#7109](https://github.com/owncloud/web/pull/7109): Clickable folder links in upload overlay
* Enhancement [owncloud/web#7123](https://github.com/owncloud/web/pull/7123): Indeterminate progress bar in upload overlay
* Enhancement [owncloud/web#7088](https://github.com/owncloud/web/pull/7088): Upload time estimation
* Enhancement [owncloud/web#7125](https://github.com/owncloud/web/pull/7125): Wording improvements
* Enhancement [owncloud/web#7140](https://github.com/owncloud/web/pull/7140): Separate direct and indirect link shares in sidebar
* Bugfix [owncloud/web#7156](https://github.com/owncloud/web/pull/7156): Folder link targets
* Bugfix [owncloud/web#7108](https://github.com/owncloud/web/pull/7108): Reload of an updated space-image and/or -readme
* Bugfix [owncloud/web#6846](https://github.com/owncloud/web/pull/6846): Upload meta data serialization
* Bugfix [owncloud/web#7100](https://github.com/owncloud/web/pull/7100): Complete-state of the upload overlay
* Bugfix [owncloud/web#7104](https://github.com/owncloud/web/pull/7104): Parent folder name on public links
* Bugfix [owncloud/web#7173](https://github.com/owncloud/web/pull/7173): Re-introduce dynamic app name in document title
* Bugfix [owncloud/web#7166](https://github.com/owncloud/web/pull/7166): External apps fixes
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1


@@ -3,7 +3,7 @@
{{ $version := .Version -}}
{{/* ocis beta program */ -}}
{{ if eq .Version "2.0.0" -}}
{{ $version = (printf "%v-%v" $version "beta.3") -}}
{{ $version = (printf "%v-%v" $version "beta.4") -}}
{{ end -}}
{{ if gt (len $allVersions) 1 -}}
# Changelog for [{{ $version }}] ({{ .Date }})


@@ -0,0 +1,6 @@
Enhancement: add FRONTEND_ENABLE_RESHARING env variable
We introduced resharing which was enabled by default, this is now configurable and can be enabled by setting the env `FRONTEND_ENABLE_RESHARING` to `true`.
By default resharing is now disabled.
https://github.com/owncloud/ocis/pull/4023


@@ -0,0 +1,7 @@
Enhancement: Generate signing key and encryption secret
The idp service now automatically generates a signing key and encryption secret when they don't exist.
This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022


@@ -1,7 +0,0 @@
Enhancement: Update reva
TBD
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982


@@ -0,0 +1,3 @@
Enhancement: Update reva
https://github.com/owncloud/ocis/pull/4025


@@ -23,16 +23,6 @@ OCIS_DOCKER_TAG=
OCIS_DOMAIN=
# owncloud Web openid connect client id. Defaults to "web"
OCIS_OIDC_CLIENT_ID=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
### Keycloak ###
# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"


@@ -63,14 +63,6 @@ services:
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# demo users
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
# change default secrets
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OCIS_INSECURE: "${INSECURE:-false}"
volumes:


@@ -161,11 +161,11 @@ services:
restart: always
collabora:
image: collabora/code:6.4.11.3
image: collabora/code:21.11.5.3.1
networks:
ocis-net:
environment:
domain: ${OCIS_DOMAIN:-ocis.owncloud.test}
aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443
DONT_GEN_SSL_CERT: "YES"
extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test}
username: ${COLLABORA_ADMIN_USER}
@@ -184,11 +184,12 @@ services:
restart: always
onlyoffice:
image: onlyoffice/documentserver:6.4.0
image: onlyoffice/documentserver:7.1
networks:
ocis-net:
environment:
USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # selfsigned certificates
WOPI_ENABLED: "true"
USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # self signed certificates
labels:
- "traefik.enable=true"
- "traefik.http.routers.onlyoffice.entrypoints=https"
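Review bot: The new `image: onlyoffice/documentserver:7.1` in the second hunk names only a major.minor version, whereas the line it replaces named a full release (`6.4.0`) and the collabora image in the first hunk is still given as a full version. If `7.1` is a tag that moves with patch releases, this deployment example would pull different document-server builds over time without any change to the file. Naming the exact release, or adding a digest, keeps the example reproducible, e.g. `image: onlyoffice/documentserver:<full-version>@sha256:<digest>` (placeholders). The `onlyoffice` service definition continues outside the hunk.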


@@ -16,15 +16,6 @@ You need a working installation of [the Go programming language](https://golang.
Make sure you've cloned the [web frontend repo](https://github.com/owncloud/web/) and the [infinite scale repo](https://github.com/owncloud/ocis/) next to each other. If your file/folder structure is different, you'll have to change the paths below accordingly.
{{< hint info >}}
For now, an IDP configuration file gets generated once and will fail upon changing the oCIS url as done below. To avoid any clashes, remove this file before starting the tests:
```bash
rm ~/.ocis/idp/identifier-registration.yaml
```
{{< /hint >}}
### In the web repo
#### **Optional:** Build web to test local changes


@@ -19,12 +19,6 @@ Initialize the oCIS configuration by running `./bin/ocis init`.
Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a directory tree skeleton in `$HOME/.ocis`. If that is already existing it will not be overwritten as it contains all relevant data for oCIS.
In `$HOME/.ocis/idp` is a file `identifier-registration.yaml`. It is used to configure the built-in identity provider and therefore contains the OpenID Connect issuer and also information about relying parties, for example ownCloud Web and our desktop and mobile applications.
{{< hint warning >}}
The `identifier-registration.yaml` file will only be generated if it does not exist yet. If you want to change certain environment variables like `OCIS_URL`, please delete this file first before doing so. Otherwise your changes will not be applied correctly and you will run into errors.
{{< /hint >}}
For the following examples you need to have the oCIS binary in your current working directory, we assume it is named `ocis` and it needs to be marked as executable. See [Getting Started]({{< ref "../getting-started/#binaries" >}}) for where to get the binary from.
### Using automatically generated certificates


@@ -204,15 +204,6 @@ export IDP_LDAP_NAME_ATTRIBUTE=givenName
```
Don't forget to use an existing user with admin permissions (only admins are allowed to list all users via the graph api) and the correct password.
{{< hint warning >}}
* TODO: change the default values in glauth & ocis to use an `ownclouduuid` attribute.
* TODO: split `OCIS_URL` and `IDP_ISS` env vars and use `OCIS_URL` to generate the clients in the `identifier-registration.yaml`.
{{< /hint >}}
### Configure clients
When the `identifier-registration.yaml` does not exist it will be generated based on the `OCIS_URL` environment variable.
#### Run it!
You can now bring up `ocis/bin/ocis idp` with:
@@ -276,7 +267,7 @@ $ bin/web server --web-config-server https://cloud.example.com --oidc-authority
- `--web-config-server https://cloud.example.com` is ownCloud url with webdav and ocs endpoints (oc10 or ocis)
- `--oidc-authority https://192.168.1.100:9130` the openid connect issuing authority, in our case `oidc-idp`, running on port 9130
- `--oidc-metadata-url https://192.168.1.100:9130/.well-known/openid-configuration` the openid connect configuration endpoint, typically the issuer host with `.well-known/openid-configuration`, but there are cases when another endpoint is used, e.g. ping identity provides multiple endpoints to separate domains
- `--oidc-client-id ocis` the client id we will register later with `ocis-idp` in the `identifier-registration.yaml`
- `--oidc-client-id ocis` the client id we will register later with `ocis-idp` in idp OIDC client settings
### Patch owncloud
@@ -324,4 +315,4 @@ In the above configuration replace
Aside from the above todos these are the next steps
- tie it all together behind `ocis-proxy`
- create an `ocis bridge` command that runs all the ocis services in one step with a properly preconfigured `ocis-idp` `identifier-registration.yaml` file for `ownCloud Web` and the owncloud 10 `openidconnect` app, as well as a randomized `--signing-kid`.
- create an `ocis bridge` command that runs all the ocis services in one step with a properly preconfigured idp OIDC client `ocis-idp` for `ownCloud Web` and the owncloud 10 `openidconnect` app, as well as a randomized `--signing-kid`.


@@ -72,16 +72,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
OCIS_DOMAIN=
# ownCloud Web openid connect client id. Defaults to "ocis-web"
OCIS_OIDC_CLIENT_ID=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
### Keycloak ###
# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"


@@ -162,6 +162,7 @@ var testCases = []struct {
}, {
Alias: "LinkRemoved - id",
SystemEvent: events.LinkRemoved{
Executant: userID("sharing-userid"),
ShareID: linkID("shareid"),
ShareToken: "",
},
@@ -170,9 +171,9 @@ var testCases = []struct {
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "public link id:'shareid' was removed", "file_unshared")
checkBaseAuditEvent(t, ev.AuditEvent, "sharing-userid", "", "user 'sharing-userid' removed public link with id:'shareid'", "file_unshared")
// AuditEventSharing fields
checkSharingAuditEvent(t, ev.AuditEventSharing, "", "", "shareid")
checkSharingAuditEvent(t, ev.AuditEventSharing, "", "sharing-userid", "shareid")
// AuditEventShareUpdated fields
require.Equal(t, "", ev.ItemType) // not implemented atm
require.Equal(t, "link", ev.ShareType)
@@ -181,6 +182,7 @@ var testCases = []struct {
}, {
Alias: "LinkRemoved - token",
SystemEvent: events.LinkRemoved{
Executant: userID("sharing-userid"),
ShareID: nil,
ShareToken: "token-123",
},
@@ -189,9 +191,9 @@ var testCases = []struct {
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "public link id:'token-123' was removed", "file_unshared")
checkBaseAuditEvent(t, ev.AuditEvent, "sharing-userid", "", "user 'sharing-userid' removed public link with id:'token-123'", "file_unshared")
// AuditEventSharing fields
checkSharingAuditEvent(t, ev.AuditEventSharing, "", "", "token-123")
checkSharingAuditEvent(t, ev.AuditEventSharing, "", "sharing-userid", "token-123")
// AuditEventShareUpdated fields
require.Equal(t, "", ev.ItemType) // not implemented atm
require.Equal(t, "link", ev.ShareType)
@@ -297,51 +299,55 @@ var testCases = []struct {
}, {
Alias: "File created",
SystemEvent: events.FileUploaded{
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventFileCreated{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was created", "file_create")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' created file 'sto-123!iid-123/item'", "file_create")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
},
}, {
Alias: "File read",
SystemEvent: events.FileDownloaded{
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventFileRead{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was read", "file_read")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' read file 'sto-123!iid-123/item'", "file_read")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
},
}, {
Alias: "File trashed",
SystemEvent: events.ItemTrashed{
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventFileDeleted{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was trashed", "file_delete")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' trashed file 'sto-123!iid-123/item'", "file_delete")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
},
}, {
Alias: "File renamed",
SystemEvent: events.ItemMoved{
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
OldReference: reference("sto-123", "iid-123", "./anotheritem"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
@@ -351,7 +357,7 @@ var testCases = []struct {
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was moved from './anotheritem' to './item'", "file_rename")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' moved file 'sto-123!iid-123/item' from './anotheritem' to './item'", "file_rename")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
// AuditEventFileRenamed fields
@@ -361,21 +367,23 @@ var testCases = []struct {
}, {
Alias: "File purged",
SystemEvent: events.ItemPurged{
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventFilePurged{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was removed from trashbin", "file_trash_delete")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' removed file 'sto-123!iid-123/item' from trashbin", "file_trash_delete")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
},
}, {
Alias: "File restored",
SystemEvent: events.ItemRestored{
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
OldReference: reference("sto-123", "sto-123!iid-123/item", "./oldpath"),
@@ -386,7 +394,7 @@ var testCases = []struct {
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was restored from trashbin to './item'", "file_trash_restore")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' restored file 'sto-123!iid-123/item' from trashbin to './item'", "file_trash_restore")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
// AuditEventFileRestored fields
@@ -396,16 +404,17 @@ var testCases = []struct {
}, {
Alias: "File version restored",
SystemEvent: events.FileVersionRestored{
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
Key: "v1",
Executant: userID("uid-123"),
Ref: reference("sto-123", "iid-123", "./item"),
Owner: userID("uid-123"), // NOTE: owner not yet implemented in reva
Key: "v1",
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventFileVersionRestored{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "File 'sto-123!iid-123/item' was restored in version 'v1'", "file_version_restore")
checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' restored file 'sto-123!iid-123/item' in version 'v1'", "file_version_restore")
// AuditEventSharing fields
checkFilesAuditEvent(t, ev.AuditEventFiles, "sto-123!iid-123/item", "uid-123", "./item")
// AuditEventFileRestored fields
@@ -415,20 +424,21 @@ var testCases = []struct {
}, {
Alias: "Space created",
SystemEvent: events.SpaceCreated{
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Owner: userID("uid-123"),
Root: resourceID("sto-123", "iid-123"),
Name: "test-space",
Type: "project",
Quota: nil, // Quota not interesting atm
MTime: timestamp(10e9),
Executant: userID("uid-123"),
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Owner: userID("uid-123"),
Root: resourceID("sto-123", "iid-123"),
Name: "test-space",
Type: "project",
Quota: nil, // Quota not interesting atm
MTime: timestamp(10e9),
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventSpaceCreated{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "2286-11-20T17:46:40Z", "Space 'space-123' with name 'test-space' was created", "space_created")
checkBaseAuditEvent(t, ev.AuditEvent, "", "2286-11-20T17:46:40Z", "user 'uid-123' created a space 'space-123' with name 'test-space'", "space_created")
// AuditEventSpaces fields
checkSpacesAuditEvent(t, ev.AuditEventSpaces, "space-123")
// AuditEventFileRestored fields
@@ -440,16 +450,17 @@ var testCases = []struct {
}, {
Alias: "Space renamed",
SystemEvent: events.SpaceRenamed{
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Owner: userID("uid-123"),
Name: "new-name",
Executant: userID("uid-123"),
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Owner: userID("uid-123"),
Name: "new-name",
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventSpaceRenamed{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "Space 'space-123' was renamed to 'new-name'", "space_renamed")
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "user 'uid-123' renamed space 'space-123' to 'new-name'", "space_renamed")
// AuditEventSpaces fields
checkSpacesAuditEvent(t, ev.AuditEventSpaces, "space-123")
// AuditEventSpaceRenamed fields
@@ -458,42 +469,45 @@ var testCases = []struct {
}, {
Alias: "Space disabled",
SystemEvent: events.SpaceDisabled{
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Executant: userID("uid-123"),
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventSpaceDisabled{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "Space 'space-123' was disabled", "space_disabled")
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "user 'uid-123' disabled the space 'space-123'", "space_disabled")
// AuditEventSpaces fields
checkSpacesAuditEvent(t, ev.AuditEventSpaces, "space-123")
},
}, {
Alias: "Space enabled",
SystemEvent: events.SpaceEnabled{
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Executant: userID("uid-123"),
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventSpaceEnabled{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "Space 'space-123' was (re-) enabled", "space_enabled")
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "user 'uid-123' (re-) enabled the space 'space-123'", "space_enabled")
// AuditEventSpaces fields
checkSpacesAuditEvent(t, ev.AuditEventSpaces, "space-123")
},
}, {
Alias: "Space deleted",
SystemEvent: events.SpaceDeleted{
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
Executant: userID("uid-123"),
ID: &provider.StorageSpaceId{OpaqueId: "space-123"},
},
CheckAuditEvent: func(t *testing.T, b []byte) {
ev := types.AuditEventSpaceDeleted{}
require.NoError(t, json.Unmarshal(b, &ev))
// AuditEvent fields
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "Space 'space-123' was deleted", "space_deleted")
checkBaseAuditEvent(t, ev.AuditEvent, "", "", "user 'uid-123' deleted the space 'space-123'", "space_deleted")
// AuditEventSpaces fields
checkSpacesAuditEvent(t, ev.AuditEventSpaces, "space-123")
},
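Review bot: The space cases ("Space created", "Space renamed", "Space disabled", "Space enabled", "Space deleted") still expect an empty user argument in `checkBaseAuditEvent` although the message now names 'uid-123', so the actor exists only in the free-text message and not in the structured field. Going by the LinkRemoved cases, where that argument changed from `""` to `"sharing-userid"`, it appears to be the event's user; a log consumer filtering on that field would not see who changed the space. If the conversion code (outside this file) can pass the executant, the expectation would become e.g. `checkBaseAuditEvent(t, ev.AuditEvent, "uid-123", "", "user 'uid-123' disabled the space 'space-123'", "space_disabled")`. Separately, the file cases set `Executant` and `Owner` to the same id, so they cannot show which of the two ends up in the message or the user field; a distinct executant id such as `userID("executant-123")` would pin that.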


@@ -75,8 +75,8 @@ func MessageShareRemoved(sharer, shareid, itemid string) string {
}
// MessageLinkRemoved returns the human readable string that describes the action
func MessageLinkRemoved(shareid string) string {
return fmt.Sprintf("public link id:'%s' was removed", shareid)
func MessageLinkRemoved(executant, shareid string) string {
return fmt.Sprintf("user '%s' removed public link with id:'%s'", executant, shareid)
}
// MessageShareAccepted returns the human readable string that describes the action
@@ -95,87 +95,89 @@ func MessageLinkAccessed(linkid string, success bool) string {
}
// MessageContainerCreated returns the human readable string that describes the action
func MessageContainerCreated(item string) string {
return fmt.Sprintf("Folder '%s' was created", item)
func MessageContainerCreated(executant, item string) string {
return fmt.Sprintf("user '%s' created folder '%s'", executant, item)
}
// MessageFileCreated returns the human readable string that describes the action
func MessageFileCreated(item string) string {
return fmt.Sprintf("File '%s' was created", item)
func MessageFileCreated(executant, item string) string {
return fmt.Sprintf("user '%s' created file '%s'", executant, item)
}
// MessageFileRead returns the human readable string that describes the action
func MessageFileRead(item string) string {
return fmt.Sprintf("File '%s' was read", item)
func MessageFileRead(executant, item string) string {
return fmt.Sprintf("user '%s' read file '%s'", executant, item)
}
// MessageFileTrashed returns the human readable string that describes the action
func MessageFileTrashed(item string) string {
return fmt.Sprintf("File '%s' was trashed", item)
func MessageFileTrashed(executant, item string) string {
return fmt.Sprintf("user '%s' trashed file '%s'", executant, item)
}
// MessageFileRenamed returns the human readable string that describes the action
func MessageFileRenamed(item, oldpath, newpath string) string {
return fmt.Sprintf("File '%s' was moved from '%s' to '%s'", item, oldpath, newpath)
func MessageFileRenamed(executant, item, oldpath, newpath string) string {
return fmt.Sprintf("user '%s' moved file '%s' from '%s' to '%s'", executant, item, oldpath, newpath)
}
// MessageFilePurged returns the human readable string that describes the action
func MessageFilePurged(item string) string {
return fmt.Sprintf("File '%s' was removed from trashbin", item)
func MessageFilePurged(executant, item string) string {
return fmt.Sprintf("user '%s' removed file '%s' from trashbin", executant, item)
}
// MessageFileRestored returns the human readable string that describes the action
func MessageFileRestored(item, path string) string {
return fmt.Sprintf("File '%s' was restored from trashbin to '%s'", item, path)
func MessageFileRestored(executant, item, path string) string {
return fmt.Sprintf("user '%s' restored file '%s' from trashbin to '%s'", executant, item, path)
}
// MessageFileVersionRestored returns the human readable string that describes the action
func MessageFileVersionRestored(item string, version string) string {
return fmt.Sprintf("File '%s' was restored in version '%s'", item, version)
func MessageFileVersionRestored(executant, item, version string) string {
return fmt.Sprintf("user '%s' restored file '%s' in version '%s'", executant, item, version)
}
// MessageSpaceCreated returns the human readable string that describes the action
func MessageSpaceCreated(spaceID string, name string) string {
return fmt.Sprintf("Space '%s' with name '%s' was created", spaceID, name)
func MessageSpaceCreated(executant, spaceID, name string) string {
return fmt.Sprintf("user '%s' created a space '%s' with name '%s'", executant, spaceID, name)
}
// MessageSpaceRenamed returns the human readable string that describes the action
func MessageSpaceRenamed(spaceID string, name string) string {
return fmt.Sprintf("Space '%s' was renamed to '%s'", spaceID, name)
func MessageSpaceRenamed(executant, spaceID, name string) string {
return fmt.Sprintf("user '%s' renamed space '%s' to '%s'", executant, spaceID, name)
}
// MessageSpaceDisabled returns the human readable string that describes the action
func MessageSpaceDisabled(spaceID string) string {
return fmt.Sprintf("Space '%s' was disabled", spaceID)
func MessageSpaceDisabled(executant, spaceID string) string {
return fmt.Sprintf("user '%s' disabled the space '%s'", executant, spaceID)
}
// MessageSpaceEnabled returns the human readable string that describes the action
func MessageSpaceEnabled(spaceID string) string {
return fmt.Sprintf("Space '%s' was (re-) enabled", spaceID)
func MessageSpaceEnabled(executant, spaceID string) string {
return fmt.Sprintf("user '%s' (re-) enabled the space '%s'", executant, spaceID)
}
// MessageSpaceDeleted returns the human readable string that describes the action
func MessageSpaceDeleted(spaceID string) string {
return fmt.Sprintf("Space '%s' was deleted", spaceID)
func MessageSpaceDeleted(executant, spaceID string) string {
return fmt.Sprintf("user '%s' deleted the space '%s'", executant, spaceID)
}
// MessageUserCreated returns the human readable string that describes the action
func MessageUserCreated(userID string) string {
return fmt.Sprintf("User '%s' was created", userID)
func MessageUserCreated(executant, userID string) string {
return fmt.Sprintf("user '%s' created the user '%s'", executant, userID)
}
// MessageUserDeleted returns the human readable string that describes the action
func MessageUserDeleted(userID string) string {
return fmt.Sprintf("User '%s' was deleted", userID)
func MessageUserDeleted(executant, userID string) string {
return fmt.Sprintf("user '%s' deleted the user '%s'", executant, userID)
}
// MessageUserFeatureChanged returns the human readable string that describes the action
func MessageUserFeatureChanged(userID string, features []events.UserFeature) string {
// Result is: "User %username%'s feature changed: %featurename%=%featurevalue% %featurename%=%featurevalue%"
func MessageUserFeatureChanged(executant, userID string, features []events.UserFeature) string {
// Result is: "user '%executant%' changed user %username%'s features: %featurename%=%featurevalue% %featurename%=%featurevalue%"
var sb strings.Builder
sb.WriteString("User ")
sb.WriteString("user '")
sb.WriteString(executant)
sb.WriteString("' changed user ")
sb.WriteString(userID)
sb.WriteString("'s feature changed: ")
sb.WriteString("'s features:")
for _, f := range features {
sb.WriteString(f.Name)
sb.WriteRune('=')
@@ -186,21 +188,21 @@ func MessageUserFeatureChanged(userID string, features []events.UserFeature) str
}
// MessageGroupCreated returns the human readable string that describes the action
func MessageGroupCreated(groupID string) string {
return fmt.Sprintf("Group '%s' was created", groupID)
func MessageGroupCreated(executant, groupID string) string {
return fmt.Sprintf("user '%s' created group '%s'", executant, groupID)
}
// MessageGroupDeleted returns the human readable string that describes the action
func MessageGroupDeleted(groupID string) string {
return fmt.Sprintf("Group '%s' was deleted", groupID)
func MessageGroupDeleted(executant, groupID string) string {
return fmt.Sprintf("user '%s' deleted group '%s'", executant, groupID)
}
// MessageGroupMemberAdded returns the human readable string that describes the action
func MessageGroupMemberAdded(userID, groupID string) string {
return fmt.Sprintf("User '%s' was added to group '%s'", userID, groupID)
func MessageGroupMemberAdded(executant, userID, groupID string) string {
return fmt.Sprintf("user '%s' added user '%s' was added to group '%s'", executant, userID, groupID)
}
// MessageGroupMemberRemoved returns the human readable string that describes the action
func MessageGroupMemberRemoved(userID, groupID string) string {
return fmt.Sprintf("User '%s' was removed from group '%s'", userID, groupID)
func MessageGroupMemberRemoved(executant, userID, groupID string) string {
return fmt.Sprintf("user '%s' added user '%s' was removed from group '%s'", executant, userID, groupID)
}
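Review bot: The new format strings in `MessageGroupMemberAdded` and `MessageGroupMemberRemoved` keep the old passive clause after the new active one, so the audit message reads "user 'a' added user 'b' was added to group 'g'", and the removal message also says "added". In an audit trail the removal wording is misleading, because the actor appears next to the wrong verb. Suggested: `return fmt.Sprintf("user '%s' added user '%s' to group '%s'", executant, userID, groupID)` and `return fmt.Sprintf("user '%s' removed user '%s' from group '%s'", executant, userID, groupID)`. In `MessageUserFeatureChanged` the literal `"'s features:"` also lost its trailing space, so the first feature name follows the colon directly, as far as the visible part of the loop shows.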


@@ -48,12 +48,12 @@ func SharingAuditEvent(shareid string, fileid string, uid string, base AuditEven
// ShareCreated converts a ShareCreated Event to an AuditEventShareCreated
func ShareCreated(ev events.ShareCreated) AuditEventShareCreated {
uid := ev.Sharer.OpaqueId
with, typ := extractGrantee(ev.GranteeUserID, ev.GranteeGroupID)
base := BasicAuditEvent(uid, formatTime(ev.CTime), MessageShareCreated(uid, ev.ItemID.OpaqueId, with), ActionShareCreated)
grantee, typ := extractGrantee(ev.GranteeUserID, ev.GranteeGroupID)
base := BasicAuditEvent(uid, formatTime(ev.CTime), MessageShareCreated(uid, ev.ItemID.OpaqueId, grantee), ActionShareCreated)
return AuditEventShareCreated{
AuditEventSharing: SharingAuditEvent("", ev.ItemID.OpaqueId, uid, base),
ShareOwner: uid,
ShareWith: with,
ShareWith: grantee,
ShareType: typ,
// NOTE: those values are not in the event and can therefore not be filled at the moment
@@ -150,14 +150,14 @@ func ShareRemoved(ev events.ShareRemoved) AuditEventShareRemoved {
// LinkRemoved converts a LinkRemoved event to an AuditEventShareRemoved
func LinkRemoved(ev events.LinkRemoved) AuditEventShareRemoved {
uid, sid, typ := "", "", "link"
uid, sid, typ := ev.Executant.GetOpaqueId(), "", "link"
if ev.ShareID != nil {
sid = ev.ShareID.GetOpaqueId()
} else {
sid = ev.ShareToken
}
base := BasicAuditEvent(uid, "", MessageLinkRemoved(sid), ActionShareRemoved)
base := BasicAuditEvent(uid, "", MessageLinkRemoved(uid, sid), ActionShareRemoved)
return AuditEventShareRemoved{
AuditEventSharing: SharingAuditEvent(sid, "", uid, base),
ShareWith: "",
@@ -234,8 +234,8 @@ func FilesAuditEvent(base AuditEvent, itemid, owner, path string) AuditEventFile
// ContainerCreated converts a ContainerCreated event to an AuditEventContainerCreated
func ContainerCreated(ev events.ContainerCreated) AuditEventContainerCreated {
iid, path, uid := extractFileDetails(ev.Ref, ev.Executant)
base := BasicAuditEvent(uid, "", MessageContainerCreated(iid), ActionContainerCreated)
iid, path, uid := extractFileDetails(ev.Ref, ev.Owner)
base := BasicAuditEvent(uid, "", MessageContainerCreated(ev.Executant.GetOpaqueId(), iid), ActionContainerCreated)
return AuditEventContainerCreated{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
}
@@ -244,7 +244,7 @@ func ContainerCreated(ev events.ContainerCreated) AuditEventContainerCreated {
// FileUploaded converts a FileUploaded event to an AuditEventFileCreated
func FileUploaded(ev events.FileUploaded) AuditEventFileCreated {
iid, path, uid := extractFileDetails(ev.Ref, ev.Owner)
base := BasicAuditEvent(uid, "", MessageFileCreated(iid), ActionFileCreated)
base := BasicAuditEvent(uid, "", MessageFileCreated(ev.Executant.GetOpaqueId(), iid), ActionFileCreated)
return AuditEventFileCreated{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
}
@@ -253,7 +253,7 @@ func FileUploaded(ev events.FileUploaded) AuditEventFileCreated {
// FileDownloaded converts a FileDownloaded event to an AuditEventFileRead
func FileDownloaded(ev events.FileDownloaded) AuditEventFileRead {
iid, path, uid := extractFileDetails(ev.Ref, ev.Owner)
base := BasicAuditEvent(uid, "", MessageFileRead(iid), ActionFileRead)
base := BasicAuditEvent(uid, "", MessageFileRead(ev.Executant.GetOpaqueId(), iid), ActionFileRead)
return AuditEventFileRead{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
}
@@ -268,7 +268,7 @@ func ItemMoved(ev events.ItemMoved) AuditEventFileRenamed {
oldpath = ev.OldReference.GetPath()
}
base := BasicAuditEvent(uid, "", MessageFileRenamed(iid, oldpath, path), ActionFileRenamed)
base := BasicAuditEvent(uid, "", MessageFileRenamed(ev.Executant.GetOpaqueId(), iid, oldpath, path), ActionFileRenamed)
return AuditEventFileRenamed{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
OldPath: oldpath,
@@ -278,7 +278,7 @@ func ItemMoved(ev events.ItemMoved) AuditEventFileRenamed {
// ItemTrashed converts a ItemTrashed event to an AuditEventFileDeleted
func ItemTrashed(ev events.ItemTrashed) AuditEventFileDeleted {
iid, path, uid := extractFileDetails(ev.Ref, ev.Owner)
base := BasicAuditEvent(uid, "", MessageFileTrashed(iid), ActionFileTrashed)
base := BasicAuditEvent(uid, "", MessageFileTrashed(ev.Executant.GetOpaqueId(), iid), ActionFileTrashed)
return AuditEventFileDeleted{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
}
@@ -287,7 +287,7 @@ func ItemTrashed(ev events.ItemTrashed) AuditEventFileDeleted {
// ItemPurged converts a ItemPurged event to an AuditEventFilePurged
func ItemPurged(ev events.ItemPurged) AuditEventFilePurged {
iid, path, uid := extractFileDetails(ev.Ref, ev.Owner)
base := BasicAuditEvent(uid, "", MessageFilePurged(iid), ActionFilePurged)
base := BasicAuditEvent(uid, "", MessageFilePurged(ev.Executant.GetOpaqueId(), iid), ActionFilePurged)
return AuditEventFilePurged{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
}
@@ -302,7 +302,7 @@ func ItemRestored(ev events.ItemRestored) AuditEventFileRestored {
oldpath = ev.OldReference.GetPath()
}
base := BasicAuditEvent(uid, "", MessageFileRestored(iid, path), ActionFileRestored)
base := BasicAuditEvent(uid, "", MessageFileRestored(ev.Executant.GetOpaqueId(), iid, path), ActionFileRestored)
return AuditEventFileRestored{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
OldPath: oldpath,
@@ -312,7 +312,7 @@ func ItemRestored(ev events.ItemRestored) AuditEventFileRestored {
// FileVersionRestored converts a FileVersionRestored event to an AuditEventFileVersionRestored
func FileVersionRestored(ev events.FileVersionRestored) AuditEventFileVersionRestored {
iid, path, uid := extractFileDetails(ev.Ref, ev.Owner)
base := BasicAuditEvent(uid, "", MessageFileVersionRestored(iid, ev.Key), ActionFileVersionRestored)
base := BasicAuditEvent(uid, "", MessageFileVersionRestored(ev.Executant.GetOpaqueId(), iid, ev.Key), ActionFileVersionRestored)
return AuditEventFileVersionRestored{
AuditEventFiles: FilesAuditEvent(base, iid, uid, path),
Key: ev.Key,
@@ -331,7 +331,7 @@ func SpacesAuditEvent(base AuditEvent, spaceID string) AuditEventSpaces {
func SpaceCreated(ev events.SpaceCreated) AuditEventSpaceCreated {
sid := ev.ID.GetOpaqueId()
iid, _, owner := extractFileDetails(&provider.Reference{ResourceId: ev.Root}, ev.Owner)
base := BasicAuditEvent("", formatTime(ev.MTime), MessageSpaceCreated(sid, ev.Name), ActionSpaceCreated)
base := BasicAuditEvent("", formatTime(ev.MTime), MessageSpaceCreated(ev.Executant.GetOpaqueId(), sid, ev.Name), ActionSpaceCreated)
return AuditEventSpaceCreated{
AuditEventSpaces: SpacesAuditEvent(base, sid),
Owner: owner,
@@ -344,7 +344,7 @@ func SpaceCreated(ev events.SpaceCreated) AuditEventSpaceCreated {
// SpaceRenamed converts a SpaceRenamed event to an AuditEventSpaceRenamed
func SpaceRenamed(ev events.SpaceRenamed) AuditEventSpaceRenamed {
sid := ev.ID.GetOpaqueId()
base := BasicAuditEvent("", "", MessageSpaceRenamed(sid, ev.Name), ActionSpaceRenamed)
base := BasicAuditEvent("", "", MessageSpaceRenamed(ev.Executant.GetOpaqueId(), sid, ev.Name), ActionSpaceRenamed)
return AuditEventSpaceRenamed{
AuditEventSpaces: SpacesAuditEvent(base, sid),
NewName: ev.Name,
@@ -354,7 +354,7 @@ func SpaceRenamed(ev events.SpaceRenamed) AuditEventSpaceRenamed {
// SpaceDisabled converts a SpaceDisabled event to an AuditEventSpaceDisabled
func SpaceDisabled(ev events.SpaceDisabled) AuditEventSpaceDisabled {
sid := ev.ID.GetOpaqueId()
base := BasicAuditEvent("", "", MessageSpaceDisabled(sid), ActionSpaceDisabled)
base := BasicAuditEvent("", "", MessageSpaceDisabled(ev.Executant.GetOpaqueId(), sid), ActionSpaceDisabled)
return AuditEventSpaceDisabled{
AuditEventSpaces: SpacesAuditEvent(base, sid),
}
@@ -363,7 +363,7 @@ func SpaceDisabled(ev events.SpaceDisabled) AuditEventSpaceDisabled {
// SpaceEnabled converts a SpaceEnabled event to an AuditEventSpaceEnabled
func SpaceEnabled(ev events.SpaceEnabled) AuditEventSpaceEnabled {
sid := ev.ID.GetOpaqueId()
base := BasicAuditEvent("", "", MessageSpaceEnabled(sid), ActionSpaceEnabled)
base := BasicAuditEvent("", "", MessageSpaceEnabled(ev.Executant.GetOpaqueId(), sid), ActionSpaceEnabled)
return AuditEventSpaceEnabled{
AuditEventSpaces: SpacesAuditEvent(base, sid),
}
@@ -372,7 +372,7 @@ func SpaceEnabled(ev events.SpaceEnabled) AuditEventSpaceEnabled {
// SpaceDeleted converts a SpaceDeleted event to an AuditEventSpaceDeleted
func SpaceDeleted(ev events.SpaceDeleted) AuditEventSpaceDeleted {
sid := ev.ID.GetOpaqueId()
base := BasicAuditEvent("", "", MessageSpaceDeleted(sid), ActionSpaceDeleted)
base := BasicAuditEvent("", "", MessageSpaceDeleted(ev.Executant.GetOpaqueId(), sid), ActionSpaceDeleted)
return AuditEventSpaceDeleted{
AuditEventSpaces: SpacesAuditEvent(base, sid),
}
@@ -380,7 +380,7 @@ func SpaceDeleted(ev events.SpaceDeleted) AuditEventSpaceDeleted {
// UserCreated converts a UserCreated event to an AuditEventUserCreated
func UserCreated(ev events.UserCreated) AuditEventUserCreated {
base := BasicAuditEvent("", "", MessageUserCreated(ev.UserID), ActionUserCreated)
base := BasicAuditEvent("", "", MessageUserCreated(ev.Executant.GetOpaqueId(), ev.UserID), ActionUserCreated)
return AuditEventUserCreated{
AuditEvent: base,
UserID: ev.UserID,
@@ -389,7 +389,7 @@ func UserCreated(ev events.UserCreated) AuditEventUserCreated {
// UserDeleted converts a UserDeleted event to an AuditEventUserDeleted
func UserDeleted(ev events.UserDeleted) AuditEventUserDeleted {
base := BasicAuditEvent("", "", MessageUserDeleted(ev.UserID), ActionUserDeleted)
base := BasicAuditEvent("", "", MessageUserDeleted(ev.Executant.GetOpaqueId(), ev.UserID), ActionUserDeleted)
return AuditEventUserDeleted{
AuditEvent: base,
UserID: ev.UserID,
@@ -398,7 +398,7 @@ func UserDeleted(ev events.UserDeleted) AuditEventUserDeleted {
// UserFeatureChanged converts a UserFeatureChanged event to an AuditEventUserFeatureChanged
func UserFeatureChanged(ev events.UserFeatureChanged) AuditEventUserFeatureChanged {
msg := MessageUserFeatureChanged(ev.UserID, ev.Features)
msg := MessageUserFeatureChanged(ev.Executant.GetOpaqueId(), ev.UserID, ev.Features)
base := BasicAuditEvent("", "", msg, ActionUserFeatureChanged)
return AuditEventUserFeatureChanged{
AuditEvent: base,
@@ -409,7 +409,7 @@ func UserFeatureChanged(ev events.UserFeatureChanged) AuditEventUserFeatureChang
// GroupCreated converts a GroupCreated event to an AuditEventGroupCreated
func GroupCreated(ev events.GroupCreated) AuditEventGroupCreated {
base := BasicAuditEvent("", "", MessageGroupCreated(ev.GroupID), ActionGroupCreated)
base := BasicAuditEvent("", "", MessageGroupCreated(ev.Executant.GetOpaqueId(), ev.GroupID), ActionGroupCreated)
return AuditEventGroupCreated{
AuditEvent: base,
GroupID: ev.GroupID,
@@ -418,7 +418,7 @@ func GroupCreated(ev events.GroupCreated) AuditEventGroupCreated {
// GroupDeleted converts a GroupDeleted event to an AuditEventGroupDeleted
func GroupDeleted(ev events.GroupDeleted) AuditEventGroupDeleted {
base := BasicAuditEvent("", "", MessageGroupDeleted(ev.GroupID), ActionGroupDeleted)
base := BasicAuditEvent("", "", MessageGroupDeleted(ev.Executant.GetOpaqueId(), ev.GroupID), ActionGroupDeleted)
return AuditEventGroupDeleted{
AuditEvent: base,
GroupID: ev.GroupID,
@@ -427,7 +427,7 @@ func GroupDeleted(ev events.GroupDeleted) AuditEventGroupDeleted {
// GroupMemberAdded converts a GroupMemberAdded event to an AuditEventGroupMemberAdded
func GroupMemberAdded(ev events.GroupMemberAdded) AuditEventGroupMemberAdded {
msg := MessageGroupMemberAdded(ev.GroupID, ev.UserID)
msg := MessageGroupMemberAdded(ev.Executant.GetOpaqueId(), ev.GroupID, ev.UserID)
base := BasicAuditEvent("", "", msg, ActionGroupMemberAdded)
return AuditEventGroupMemberAdded{
AuditEvent: base,
@@ -438,7 +438,7 @@ func GroupMemberAdded(ev events.GroupMemberAdded) AuditEventGroupMemberAdded {
// GroupMemberRemoved converts a GroupMemberRemoved event to an AuditEventGroupMemberRemove
func GroupMemberRemoved(ev events.GroupMemberRemoved) AuditEventGroupMemberRemoved {
msg := MessageGroupMemberRemoved(ev.GroupID, ev.UserID)
msg := MessageGroupMemberRemoved(ev.Executant.GetOpaqueId(), ev.GroupID, ev.UserID)
base := BasicAuditEvent("", "", msg, ActionGroupMemberRemoved)
return AuditEventGroupMemberRemoved{
AuditEvent: base,
@@ -480,18 +480,18 @@ func formatTime(t *types.Timestamp) string {
}
func updateType(u string) string {
switch {
case u == "permissions":
switch u {
case "permissions":
return ActionSharePermissionUpdated
case u == "displayname":
case "displayname":
return ActionShareDisplayNameUpdated
case u == "TYPE_PERMISSIONS":
case "TYPE_PERMISSIONS":
return ActionSharePermissionUpdated
case u == "TYPE_DISPLAYNAME":
case "TYPE_DISPLAYNAME":
return ActionShareDisplayNameUpdated
case u == "TYPE_PASSWORD":
case "TYPE_PASSWORD":
return ActionSharePasswordUpdated
case u == "TYPE_EXPIRATION":
case "TYPE_EXPIRATION":
return ActionShareExpirationUpdated
default:
fmt.Println("Unknown update type", u)


@@ -25,12 +25,13 @@ type Config struct {
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."`
EnableFavorites bool `yaml:"enable_favorites" env:"FRONTEND_ENABLE_FAVORITES" desc:"Disables the support for favorites in the frontend."`
EnableFavorites bool `yaml:"enable_favorites" env:"FRONTEND_ENABLE_FAVORITES" desc:"Enables the support for favorites in the frontend."`
EnableProjectSpaces bool `yaml:"enable_project_spaces" env:"FRONTEND_ENABLE_PROJECT_SPACES" desc:"Indicates to clients that project spaces are supposed to be made available."`
EnableShareJail bool `yaml:"enable_share_jail" env:"FRONTEND_ENABLE_SHARE_JAIL" desc:"Indicates to clients that the share jail is supposed to be used."`
UploadMaxChunkSize int `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes for uploads via the frontend." `
UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advise TUS to replace PATCH requests by POST requests."`
DefaultUploadProtocol string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL" desc:"The default upload protocol to use in the frontend (e.g. tus)."`
EnableResharing bool `yaml:"enable_resharing" env:"FRONTEND_ENABLE_RESHARING" desc:"Enables the support for resharing in the frontend."`
PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing url of the ocis frontend."`


@@ -38,6 +38,7 @@ func DefaultConfig() *config.Config {
UploadMaxChunkSize: 1e+8,
UploadHTTPMethodOverride: "",
DefaultUploadProtocol: "tus",
EnableResharing: false,
Checksums: config.Checksums{
SupportedTypes: []string{"sha1", "md5", "adler32"},
PreferredUploadType: "",
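Review bot: The added `EnableResharing: false` default changes behaviour for existing deployments, and nothing on the line says so. The capabilities map in the later frontend section previously hard-coded `"resharing": true` and now reads `cfg.EnableResharing`, so resharing is off unless `FRONTEND_ENABLE_RESHARING` is set. Defaulting to off is the safer choice, but the change should be recorded where an operator will see it, for example `EnableResharing: false, // was hard-coded to true in the capabilities before this change`, plus an upgrade note if none exists (not every file of the commit is shown). The value appears to reach only a `files_sharing` map handed to clients; whether the sharing service itself rejects reshare requests when it is false is not visible in these hunks and is worth confirming, since hiding a client option is not an access control.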


@@ -159,7 +159,7 @@ func FrontendConfigFromStruct(cfg *config.Config) map[string]interface{} {
},
"files_sharing": map[string]interface{}{
"api_enabled": true,
"resharing": true,
"resharing": cfg.EnableResharing,
"group_sharing": true,
"auto_accept_share": true,
"share_with_group_members_only": true,


@@ -21,28 +21,27 @@ type Config struct {
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"GATEWAY_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."`
CommitShareToStorageGrant bool `yaml:"commit_share_to_storage_grant" env:"GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT"`
CommitShareToStorageRef bool `yaml:"commit_share_to_storage_ref" env:"GATEWAY_COMMIT_SHARE_TO_STORAGE_REF"`
ShareFolder string `yaml:"share_folder_name" env:"GATEWAY_SHARE_FOLDER_NAME"`
DisableHomeCreationOnLogin bool `yaml:"disable_home_creation_on_login" env:"GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN"`
TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET" desc:"Transfer secret for signing file up- and download requests."`
TransferExpires int `yaml:"transfer_expires" env:"GATEWAY_TRANSFER_EXPIRES"`
HomeMapping string `yaml:"home_mapping" env:"GATEWAY_HOME_MAPPING"`
EtagCacheTTL int `yaml:"etag_cache_ttl" env:"GATEWAY_ETAG_CACHE_TTL"`
CommitShareToStorageGrant bool `yaml:"commit_share_to_storage_grant" env:"GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT" desc:"Commit shares to storage grants."`
CommitShareToStorageRef bool `yaml:"commit_share_to_storage_ref" env:"GATEWAY_COMMIT_SHARE_TO_STORAGE_REF" desc:"Commit shares to storage."`
ShareFolder string `yaml:"share_folder_name" env:"GATEWAY_SHARE_FOLDER_NAME" desc:"Name of the share folder in users' home space."`
DisableHomeCreationOnLogin bool `yaml:"disable_home_creation_on_login" env:"GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN" desc:"Disable creation of the home space on login."`
TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET" desc:"The storage transfer secret"` // TODO: how to name the env
TransferExpires int `yaml:"transfer_expires" env:"GATEWAY_TRANSFER_EXPIRES" desc:"Expiry for the gateway tokens"`
EtagCacheTTL int `yaml:"etag_cache_ttl" env:"GATEWAY_ETAG_CACHE_TTL" desc:"Max TTL for the gateway's ETAG cache."`
FrontendPublicURL string `yaml:"frontend_public_url" env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."`
FrontendPublicURL string `yaml:"frontend_public_url" env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL" desc:"The public facing url of the ocis frontend."`
UsersEndpoint string `yaml:"users_endpoint" env:"GATEWAY_USERS_ENDPOINT"`
GroupsEndpoint string `yaml:"groups_endpoint" env:"GATEWAY_GROUPS_ENDPOINT"`
PermissionsEndpoint string `yaml:"permissions_endpoint" env:"GATEWAY_PERMISSIONS_ENDPOINT"`
SharingEndpoint string `yaml:"sharing_endpoint" env:"GATEWAY_SHARING_ENDPOINT"`
AuthBasicEndpoint string `yaml:"auth_basic_endpoint" env:"GATEWAY_AUTH_BASIC_ENDPOINT"`
AuthBearerEndpoint string `yaml:"auth_bearer_endpoint" env:"GATEWAY_AUTH_BEARER_ENDPOINT"`
AuthMachineEndpoint string `yaml:"auth_machine_endpoint" env:"GATEWAY_AUTH_MACHINE_ENDPOINT"`
StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint" env:"GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT"`
StorageUsersEndpoint string `yaml:"storage_users_endpoint" env:"GATEWAY_STORAGE_USERS_ENDPOINT"`
StorageSharesEndpoint string `yaml:"storage_shares_endpoint" env:"GATEWAY_STORAGE_SHARES_ENDPOINT"`
AppRegistryEndpoint string `yaml:"app_registry_endpoint" env:"GATEWAY_APP_REGISTRY_ENDPOINT"`
UsersEndpoint string `yaml:"users_endpoint" env:"GATEWAY_USERS_ENDPOINT" desc:"The users api endpoint."`
GroupsEndpoint string `yaml:"groups_endpoint" env:"GATEWAY_GROUPS_ENDPOINT" desc:"The groups api endpoint."`
PermissionsEndpoint string `yaml:"permissions_endpoint" env:"GATEWAY_PERMISSIONS_ENDPOINT" desc:"The permission api endpoint."`
SharingEndpoint string `yaml:"sharing_endpoint" env:"GATEWAY_SHARING_ENDPOINT" desc:"The share api endpoint."`
AuthBasicEndpoint string `yaml:"auth_basic_endpoint" env:"GATEWAY_AUTH_BASIC_ENDPOINT" desc:"The auth basic api endpoint."`
AuthBearerEndpoint string `yaml:"auth_bearer_endpoint" env:"GATEWAY_AUTH_BEARER_ENDPOINT" desc:"The auth bearer api endpoint."`
AuthMachineEndpoint string `yaml:"auth_machine_endpoint" env:"GATEWAY_AUTH_MACHINE_ENDPOINT" desc:"The auth machine api endpoint."`
StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint" env:"GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT" desc:"The storage puliclink api endpoint."`
StorageUsersEndpoint string `yaml:"storage_users_endpoint" env:"GATEWAY_STORAGE_USERS_ENDPOINT" desc:"The storage users api endpoint."`
StorageSharesEndpoint string `yaml:"storage_shares_endpoint" env:"GATEWAY_STORAGE_SHARES_ENDPOINT" desc:"The storage shares api endpoint."`
AppRegistryEndpoint string `yaml:"app_registry_endpoint" env:"GATEWAY_APP_REGISTRY_ENDPOINT" desc:"The app registry api endpoint."`
StorageRegistry StorageRegistry `yaml:"storage_registry"` //TODO: should we even support switching this?
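Review bot: The `desc` on `TransferSecret` now reads `The storage transfer secret`, which tells an operator less than the adjacent older line that said what the secret is used for. For a credential setting the purpose is the useful part, so I would keep the earlier wording, `desc:"Transfer secret for signing file up- and download requests."`. `StoragePublicLinkEndpoint` has a typo in its description: `puliclink` should be `publiclink`. `TransferExpires` is described as `Expiry for the gateway tokens` without a unit; the `24 * 60 * 60` default in the defaults file suggests seconds, but that should be confirmed and then stated in the description.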


@@ -36,7 +36,6 @@ func DefaultConfig() *config.Config {
ShareFolder: "Shares",
DisableHomeCreationOnLogin: true,
TransferExpires: 24 * 60 * 60,
HomeMapping: "",
EtagCacheTTL: 0,
FrontendPublicURL: "https://localhost:9200",


@@ -52,7 +52,6 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i
"datagateway": strings.TrimRight(cfg.FrontendPublicURL, "/") + "/data",
"transfer_shared_secret": cfg.TransferSecret,
"transfer_expires": cfg.TransferExpires,
"home_mapping": cfg.HomeMapping,
"etag_cache_ttl": cfg.EtagCacheTTL,
},
"authregistry": map[string]interface{}{


@@ -29,15 +29,15 @@ type Config struct {
}
type Spaces struct {
WebDavBase string `yaml:"webdav_base" env:"OCIS_URL;GRAPH_SPACES_WEBDAV_BASE" desc:"URL, where oCIS is reachable for users."`
WebDavPath string `yaml:"webdav_path" env:"GRAPH_SPACES_WEBDAV_PATH"`
DefaultQuota string `yaml:"default_quota" env:"GRAPH_SPACES_DEFAULT_QUOTA"`
Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;GRAPH_SPACES_INSECURE"`
ExtendedSpacePropertiesCacheTTL int `yaml:"extended_space_properties_cache_ttl" env:"GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL"`
WebDavBase string `yaml:"webdav_base" env:"OCIS_URL;GRAPH_SPACES_WEBDAV_BASE" desc:"The public facing URL of WebDAV."`
WebDavPath string `yaml:"webdav_path" env:"GRAPH_SPACES_WEBDAV_PATH" desc:"The WebDAV subpath for spaces."`
DefaultQuota string `yaml:"default_quota" env:"GRAPH_SPACES_DEFAULT_QUOTA" desc:"The default quota in bytes."`
Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;GRAPH_SPACES_INSECURE" desc:"Allow insecure connetctions to the spaces."`
ExtendedSpacePropertiesCacheTTL int `yaml:"extended_space_properties_cache_ttl" env:"GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL" desc:"Max TTL for the spaces property cache."`
}
type LDAP struct {
URI string `yaml:"uri" env:"LDAP_URI;GRAPH_LDAP_URI"`
URI string `yaml:"uri" env:"LDAP_URI;GRAPH_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"`
CACert string `yaml:"cacert" env:"LDAP_CACERT;GRAPH_LDAP_CACERT" desc:"The certificate to verify TLS connections"`
Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;GRAPH_LDAP_INSECURE"`
BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;GRAPH_LDAP_BIND_DN"`
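Review bot: The `Insecure` description in `Spaces`, `Allow insecure connetctions to the spaces.`, has a typo and does not say which protection is switched off. At minimum fix the spelling, `desc:"Allow insecure connections to the spaces."`. Better, name what is relaxed; that is presumably TLS certificate verification, but the code that consumes the flag is not in this hunk. In the `LDAP` struct, `Insecure` and `BindDN` still have no `desc` although `URI` gained one, and the `Insecure` flag is the one where an operator most needs to know the consequence. The `LDAP` struct continues outside the hunk.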


@@ -467,7 +467,7 @@ func (i *LDAP) GetGroup(ctx context.Context, nameOrID string, queryParam url.Val
if err != nil {
return nil, err
}
if len(members) > 1 {
if len(members) > 0 {
m := make([]libregraph.User, 0, len(members))
for _, u := range members {
m = append(m, *u)
@@ -623,7 +623,7 @@ func (i *LDAP) GetGroups(ctx context.Context, queryParam url.Values) ([]*libregr
if err != nil {
return nil, err
}
if len(members) > 1 {
if len(members) > 0 {
m := make([]libregraph.User, 0, len(members))
for _, u := range members {
m = append(m, *u)
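Review bot: The one-member case corrected by `if len(members) > 0 {` has no visible regression test, and the same conversion block appears in both `GetGroup` and `GetGroups` (second hunk), which is how the off-by-one existed twice. I would move the pointer-to-value copy into one small unexported helper that both functions call, and add a test that expands a group with zero, one and two members. The loop also dereferences every `u` unconditionally. Whether the member lookup can return nil entries is not visible here, so either confirm that it cannot or guard with `if u != nil { m = append(m, *u) }`. Both enclosing functions start and end outside these hunks.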


@@ -59,6 +59,10 @@ func Server(opts ...Option) (http.Service, error) {
svc.EventsPublisher(publisher),
)
if handle == nil {
return http.Service{}, errors.New("could not initialize graph service")
}
{
handle = svc.NewInstrument(handle, options.Metrics)
handle = svc.NewLogging(handle, options.Logger)
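Review bot: The added `if handle == nil {` guard only catches an untyped nil. If `handle` is an interface value and the constructor call that ends just above the guard returns a nil pointer of a concrete type, the comparison is false and the nil handler still gets wrapped by `svc.NewInstrument`. The constructor is outside the hunk, so this cannot be confirmed here. The error `could not initialize graph service` also carries no cause, which leaves an operator with nothing to act on. If the constructor can be changed to return an error, the guard becomes `return http.Service{}, fmt.Errorf("initializing graph service: %w", err)`; otherwise the cause should at least be logged where the nil is produced. `Server` starts and ends outside the hunk.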
